News

The Hacker News1h
Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics
APT28 targets NATO-aligned logistics and tech firms via malware, phishing, and 7 CVEs to spy on Ukraine aid routes.
The Hacker News7h
Fake Kling AI Facebook Ads Deliver RAT Malware to Over 22 Million Potential Victims
Fake Facebook ads impersonating Kling AI deploy PureHVNC RAT via spoofed sites, stealing credentials and crypto data.
The Hacker News6h
PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms
The original executable that launches "ckcfb.exe" simultaneously also extracts a second binary referred to as "StilKrip.exe," ...
The Hacker News12h
Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager
Google has launched a new Chrome feature that automatically updates compromised passwords using its built-in Password Manager ...
The Hacker News10h
Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps
Malicious JavaScript redirects mobile users to fake adult PWA apps, bypassing browser security and desktop filters.
The Hacker News1d
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act ...
The Hacker News1d
Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery
A threat actor known as Hazy Hawk has been observed hijacking abandoned cloud resources of high-profile organizations, ...
The Hacker News1d
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web ...
The Hacker News1d
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
The attack chains leverage spear-phishing lures as a starting point to activate the infection process and deploy a known ...
The Hacker News1d
Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse
A new cryptojacking campaign dubbed RedisRaider is hijacking publicly exposed Redis servers by injecting cron jobs using ...
The Hacker News2d
Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards
Edouard Bochin and Tao Yan from Palo Alto Networks have been credited with finding and reporting CVE-2025-4918. The discovery ...
The Hacker News5d
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
Chrome flaw CVE-2025-4664 enables cross-origin data leaks; active exploit confirmed; update to 136.0.7103.113.